WordPress.org

WordPress Planet

May 21, 2017

Matt: Boarding Wrong Flight

The Economist writes about who’s wrong when flyers end up in the wrong cities. This has actually happened to me! Probably 7-8 years ago, it was an Air Canada flight from New York to Montreal, and I accidentally boarded the one to Toronto. The mistake was realized when we were on the ground, but had pulled away from gate. Being Canadian, they were exceedingly nice and asked me to stay on the flight but they’d find me one from Toronto to Montreal after I landed.

by Matt at May 21, 2017 10:45 PM under Asides

May 20, 2017

Matt: IBM Goes Non-Remote

Like Yahoo a few years ago, IBM, an early pioneer of distributed work, is calling workers back to the office.

The shift is particularly surprising since the Armonk, N.Y., company has been among the business world’s staunchest boosters of remote work, both for itself and its customers. IBM markets software and services for what it calls “the anytime, anywhere workforce,” and its researchers have published numerous studies on the merits of remote work.

If “IBM has boasted that more than 40% of employees worked outside traditional company offices” and they currently have 380,000 employees (wow), then that’s 152k people on the market.

As I said when Yahoo did the same, it’s hard to judge this from the outside. A company that was happy about how they’re doing wouldn’t make a shift this big or this suddenly. It’s very possible the way distributed folks were interacting with their in-office teams wasn’t satisfactory, especially if they were forced to use subpar in-house tools like SameTime instead of Zoom or Skype. Yahoo didn’t have the best trajectory after they made a similar move, and hopefully IBM isn’t going to follow the same path.

In the meantime, Automattic and many other companies are hiring. If you aren’t going to work in a company’s headquarters, it is probably safest to work at a company that is fully distributed (no second tier for people not at HQ) rather than be one of a few “remote” people at a centralized company.

by Matt at May 20, 2017 07:21 PM under Future of Work

Post Status: WordPress in higher education, with Rachel Cherry — Draft Podcast

Welcome to the Post Status Draft podcast, which you can find on iTunes, Google Play, Stitcher, and via RSS for your favorite podcatcher. Post Status Draft is hosted by Brian Krogsgard.

Brian is joined by guest-host Rachel Cherry — a Senior Software Engineer at Disney, and the organizer of WP Campus, an event for WordPress in higher education. They discuss many of the things that folks working with WordPress in higher education encounter during this episode.

Prior to working for Disney, Rachel spent around a decade working on the web in higher ed, most recently at the University of Alabama.

https://audio.simplecast.com/70150.mp3
Direct Download

Links

Sponsor: SiteGround

SiteGround is engineered for speed, built for security, and crafted for WordPress. They offer feature-rich managed WordPress hosting with premium support, and are officially recommended by WordPress.org. Check out SiteGround’s website for a special deal for Post Status listeners, and thanks to SiteGround for being a Post Status partner.

Photo by Found Art Photography

by Brian Krogsgard at May 20, 2017 04:09 PM under Site Owners

WPTavern: Avada Theme Version 5.1.5 Patches Stored XSS and CSRF Vulnerabilities

Theme Fusion’s Avada WordPress Theme, the highest selling theme on Themeforest for the past four years, has fixed stored XSS and CSRF vulnerabilities in its 5.1.5 release. The security issues were discovered by WP Hütte, a WordPress security blog, and the site published details of the vunlnerabilities after Theme Fusion patched its theme.

Although the patched version has been available since early April, a notification was only recently sent out to Avada customers from Envato via email, urging them to update. Avada announced the release of 5.1.5 but did not publish anything publicly on the security issues that it fixes. Customers started learning about the vulnerabilities from the WPScan Vulnerability Database, WP Hütte, and posts on Twitter.

Theme Fusion left the security issues buried in the changelog until today when customers began receiving email notices about it. A fix was available for more than a month while customers who were unaware and had not updated were left vulnerable. Envato’s email encourages all users to update, as the release is for all previous versions of Avada.

If you have purchased Avada for clients or for yourself, you can update to the latest version by downloading it from your Envato Market account and reinstalling it. Customers with the Envato Market WordPress plugin installed can access automatic updates within the WordPress admin.

by Sarah Gooding at May 20, 2017 01:20 AM under avada

May 19, 2017

WPTavern: Quick Tip: How to Access Jetpack’s Alternative Module Interface

Late last year, Jetpack 4.3 unveiled a new admin interface written in React.js. The Jetpack team received feedback from more than 8K users before it was publicly released.

While the old interface displayed all modules on one page, the new interface breaks up module management into sections. You can also access some modules by typing its name into the search bar.

Modules are Displayed in Sections

A few days ago, I ran into a situation where I needed to find out if the Tiled and Carousel modules were enabled. I tried to locate the modules on the settings page but experienced difficulty as it’s filled with toggles and sub-menus. It’s not clear which module or modules are activated when a menu item is turned on.

Jetpack Module Search Results

If you prefer to use the old interface for managing modules, add wp-admin/admin.php?page=jetpack_modules to the URL. You can also access the old interface through Jetpack’s Debug page.

Jetpack’s Alternative Module Interface

I prefer this interface over the new one as I know which modules are on or off. Modules are also easier to find as they’re listed in alphabetical order. Ben Gillbanks originally shared the tip after discovering it solved his issues with changing Jetpack’s settings.

Which interface do you prefer?

by Jeff Chandler at May 19, 2017 11:26 PM under tips

WPTavern: WordCamp Europe Attendees Are Being Denied Visas Because Conference Ticket Price Is Too Low

This morning, WordCamp Europe 2017 organizers published an open letter to Emmanuel Macron, the president of France, regarding attendees being denied visas for the event. According to the rejections attendees have received, France is denying the visas because the ticket price for the conference is too low:

It has come to our attention that our friends from some countries are having problems with their Visas being rejected on the ground that “a 40€ entry fee cannot justify international travel”, something that makes this conference accessible to all. We are sad this is happening because now — for the first time in WordCamp Europe history — our inclusiveness is a burden we are carrying.

The open letter explains the WordCamp tradition of keeping ticket prices low to make it more inclusive for all income levels.

WCEU Communications Lead Emanuel Blagonic estimates that five people from India that have already been denied visas but said more attendees and contributors will be taking their interviews in the coming days.

“We didn’t write it to get an official response, as it is an open letter, but we hope to send the message about the importance of being inclusive and accessible – what WordCamps are, mainly because of the small ticket price,” Blagonic said. “We hope this letter will help officials understand that.”

Despite the innocuous nature of WordCamps, obtaining visas to attend these events is a perennial struggle for attendees coming from nations that have strained relations, security concerns, or other issues with the host country. Petya Raykovska, who helped organize last year’s WordCamp Europe in Vienna, said that Pakistan was the country from which the most people were declined visas. This year she has already seen several members of the Polyglots contributor team denied visas for the community summit.

“Both the WCEU and WCUS teams go above and beyond to help people get to the camp,” Raykovska said. “The WCEU team has been doing that for years, writing invitation letters in formats required by the embassies for each of the different countries.”

Unfortunately, the letters don’t always make enough of an impact. Chirag Patel, a core contributor and editor of the Gujarati translation, was denied a visa coming from India. He expressed disappointment and said he hates the visa process.

“I am a volunteer and was selected for the WCEU Summit as well but I am not able to get a visa,” Patel said. “It is so frustrating.”

Patel is re-applying with a new invitation letter and WordCamp contact details, but cannot make his travel arrangements until he is approved. This has resulted in a significantly higher cost for the trip. Patel said if it were not for his company supporting him, he would not be able to afford the increase in cost.

Andrey Savchenko, a WordPress contributor living in Ukraine, is no stranger to visa denial but is fortunate to have a five year visa to the Shengen area to attend WCEU this year. When attending WCEU in Seville in 2015, his invitation from the organizers was lost twice in the mail and he received a visa a mere five days before the event.

“That added around $400 to the cost of my flights,” Savchenko said. “Also, due to the short term visa, I could not even fly home from Seville. I had to take the train to Madrid and fly from there, to be out of country before my visa expired the day after the WordCamp.”

Savchenko was denied a visa to the U.S. for the first community summit in 2012. He described the interview in a post titled “The world with borders:”

My thin folder stays closed through all of it. My home, the one location in the world I care deeply about, is nothing. My savings, which fuel slim hope I will be able to live in a way different from paycheck-to-paycheck one day, are of no interest – all are disposable and meaningless on their scale against the chance of me “escaping” to their country.

I get back my passport and a boilerplate response letter from thick pile of printouts. It thoroughly explains that I failed to display considerable attachments and am thus guilty of trying to sneak into and stay in United States illegally by default. I feel curiously powerless – no loopholes to find, no leverage to apply, no help to call for, no proof that matters.

They spend ten minutes of their time (split about evenly between security, taking my fingerprints and interview itself) for which they charge $170. The following evening I spend much longer on Twitter, telling many people I won’t meet them and accepting their bitter disappointment.

Lead organizer Paolo Belcastro said the team has received approximately 60 requests for invitation letters, which accounts for roughly 2% of expected attendees. Although there have been only a handful of visa denials so far, many have yet to interview. Belcastro said the team penned the letter based on the feedback of a few while they still have a chance to help them.

“I think the worst about [the interview process] is how helpless it makes you feel,” Savchenko said. “Someone gets to make a judgement about you as a person and you get to pay to be called untrustworthy and unwelcome.”

For WordCamp attendees who have never had to jump through the hoops of a visa application, it’s important to remember that events held in major U.S. or European cities will always be missing the faces of valuable contributors who were unable to obtain a visa. Situations like these underscore the reality that virtual, online events, while lacking in much of the excitement and interpersonal connection, are by far the most inclusive way to gather and pass on information.

WCEU organizers said they hope the President of France can help “unblock the situation” for the remaining attendees who are still going through the visa application process. Belcastro said the chances of the open letter being read by anyone with the power of changing anything are small, especially since the French government went through a major change last week.

“It’s important to note that we have no wish to ask for any special treatment,” Belcastro said. “It’s not about asking for automatic approval of visas for our attendees, as there are many other criteria involved that we totally respect.

“Our wish is to underline that the value of a conference can’t be measured by the price of its entry ticket – the same way the value of WordPress can’t be measured by its price tag.”

by Sarah Gooding at May 19, 2017 08:06 PM under WordCamp Europe

Matt: Candy Diet

The bestselling novel of 1961 was Allen Drury’s Advise and Consent. Millions of people read this 690-page political novel. In 2016, the big sellers were coloring books.

Fifteen years ago, cable channels like TLC (the “L” stood for Learning), Bravo and the History Channel (the “History” stood for History) promised to add texture and information to the blighted TV landscape. Now these networks run shows about marrying people based on how well they kiss.

It’s from a few months ago, but Seth Godin is really on fire in The Candy Diet.

by Matt at May 19, 2017 06:06 PM under Asides

WPTavern: WordPress.com’s TV Commercials Are Confusing

In Matt Mullenweg’s 2016 State of the Word, he announced the WordPress Growth Council. The council was created as a think-tank for individuals and organizations in the WordPress community to share ideas on how best to tell WordPress’ story to grow market share.

The Growth Council serves as a collaborative means to combat the more than $300M in advertising spent by competitors like Squarespace and Wix. In the presentation, Mullenweg stated that marketing WordPress would become a higher priority compared to previous years.

WordPress.com’s First TV Ads

Automattic has unveiled five commercials that are being tested in six different television markets. The videos were created earlier this year when a volunteer team of Automatticians visited Detroit, MI, to participate in the Rebrand Detroit project.

Working with Hajj Flemings, founder of Brand Camp University, the team helped launch new sites for nine small businesses over a 48 hour period. The sites that were launched include:

The commercials are part of a series called ‘Free to be’ where business owners share what success means to them and the city of Detroit.

Each video displays a WordPress logo in the bottom-left corner of the screen with occasional factoids highlighted across the center. The commercials end with the WordPress logo displayed in the center with the words, Websites, Blogs, and Domains underneath.

WordPress.com Commercial Ending

The Message in the Commercials Is Unclear

I’ve watched each commercial a few times and my initial reaction is confusion. I don’t know exactly what WordPress.com is trying to sell me. It’s obvious that these people are seeing success with hosting their sites on WordPress.com. But is it because of the tools available or is it because the VIP team or other staff members stepped in and guided them through the process?

Unlike Squarespace’s commercials that showcase the product front and center, these commercials don’t show any of the capabilities of WordPress.com. In one of the videos, the text, “Customizable websites that can change with the times” is displayed. Instead of showing the business owners changing the look of their site with the Customizer, the commercial ends.

Customizable With The Times

In a different video, WordPress’ total market share is used as a selling point. Using this datapoint in a commercial geared towards WordPress.com is unsettling. Eric Mann, a long time WordPress developer, feels the same way:

I have no problem with WordPress.com advertisements on TV or the Radio or elsewhere. They’re great ways for Automattic to build recognition of their product and encourage new signups.

do have a problem with advertisements conflating WordPress and WordPress.com by subtly suggesting that the ‘27% of the Internet run on WordPress’ is due to Automattic or is somehow because of WordPress.com.

A majority of the 27% or now 28% of the web, according to W3Techs, uses self-hosted WordPress, not WordPress.com.

Self-hosted WordPress and WordPress.com have a symbiotic relationship. Getting into semantics may seem like nitpicking but it’s important to distinguish that they are not the same thing.

The marketing material used in the screenshot above conflates them. Examples like this don’t do anything to alleviate the confusion that exists between WordPress.com and self-hosted WordPress.

I realize I’m not the target market for these ads but they leave me with more questions than answers. Squarespace commercials intrigue me to the point of wanting to check out what the service has to offer. Meanwhile, I don’t have any emotional reaction after watching the WordPress.com commercials.

In the future, I’d like to see a commercial that highlights the tools available on WordPress.com and shows a human using them to quickly edit and change their sites. This is something I think a lot of people can relate to instead of reading text that explains what the service’s capabilities are.

If you were tasked with producing a commercial for WordPress.com, how would you showcase the best of what the service has to offer? Let us know what you think of the commercials in the comments.

by Jeff Chandler at May 19, 2017 07:10 AM under wordpress.com

WPTavern: Primary Vagrant 4.0 Updated to Use PHP 7.1, Introduces a Site Generator

In 2014, Chris Wiegman forked VVV to create Primary Vagrant, an Apache based Vagrant configuration that uses Puppet. The project has steadily evolved over the past three years and the latest release includes significant changes that require users to destroy any existing environments before upgrading.

Primary Vagrant 4.0 runs on PHP 7.1 by default. It also introduces a site generator that makes it easy to create and manage new sites. The project has incorporated Landrush, a Vagrant plugin that provides a simple DNS server without users having to edit their hosts file.

Wiegman said the direction for the release came from a combination of user feedback as well as features and fixes incorporated back from a fork of Primary Vagrant that he uses at his day job as a WordPress/Web Developer at UF Health at University of Florida. He and four other colleagues use it daily, which has helped him continually improve the project. Version 4.0 was released alongside a new extensive Wiki which Wiegman created to make it easier for his team at work.

Switching between PHP versions is not yet as easy as Wiegman would like it to be. It can be done but he doesn’t recommend it. He is considering moving the project to use Docker in the future but will be sticking with Vagrant for the time being.

“Most Docker configs I see are really done the same way as Vagrant boxes simply swapping Docker for Vagrant,” Wiegman said. “I’ve debated moving this project to Docker but it would be done to allow more flexibility (swap nginx/mysql, php versions, etc). So far I’ve been more interested in making this as complete as possible for what I need it to do and I think with 4.0 it’s finally there.”

Wiegman has been considering abandoning Vagrant for Docker for more than six months. In a November 2016 post titled Vagrant Is Not the Answer for Everyone, he identified a few of its shortcomings.

“After working with Vagrant for nearly three years. and even writing a post on how great it is, I can now say without hesitation that it is not the solution I thought it was,” Wiegman said. “I don’t say that lightly either as I’m about to launch version 4.0 of my Primary Vagrant project. Instead I say it based on the expectations we have put on it as a development community combined with the ecosystem (or lack thereof) of the tools we have been using to attempt to bend it to our will.”

Vagrant’s lack of flexibility for configuring software versions along with the lack of good interfaces to modify things like virtual host configurations have caused Weigman to take a second look at other solutions. Although Vagrant solves many issues for those who need to reproduce a development environment, dealing with the frustrating fragility of its maintenance requirements can sometimes be a major time sink.

“The need for a good Vagrant box to install and configure the various pieces that make it all work means it doesn’t take much for something to fail resulting in, at best, an error message that requires another provision and, at worst, lost hours spent attempting to solve the issue in the tool that is supposed to help you build your product,” Wiegman said.

The engineering team at 10up, creators of VVV, have also recognized some of the major drawbacks of using VVV, Vagrant, and Virtual Box/Hyper-V. They have recently released WP Docker as a faster, more lightweight alternative. Although the company still uses VVV in some instances, its development teams are free to choose the best solution for their projects.

For Primary Vagrant’s upcoming 5.0 release, Wiegman is considering using Puppet 4 or replacing it with a new provisioning solution. He is also carefully examining a move to Docker and is experimenting to decide what will be best. Moving to Docker would offer the ability to treat PHP, MySQL, Apache, and other services more like a module that could be easily replaced, allowing for greater customization.

“If I went Docker it might become Primary Docker and Primary Vagrant might be put up for adoption,” Wiegman said. “I’m not really sure yet, as that’s a pretty major change.”

by Sarah Gooding at May 19, 2017 04:26 AM under vagrant

May 18, 2017

Matt: One Million Words

My colleague Sara has reached one million words posted to our internal sites, and has some tips for distributed work and communication. I just checked my stats, I’m only at 867k.

by Matt at May 18, 2017 11:56 PM under Asides

WPTavern: Atom Editor Adds Git and GitHub Integration

GitHub open sourced its JavaScript-powered Atom editor in 2014 with extensibility designed to be its single-most important feature. Over the past three years, a thriving ecosystem of more than 6,000 packages to extend the editor has grown out of Atom’s open source community. GitHub estimates Atom now has 2.1 million active users.

This week Atom added a major missing piece for developers who rely on GitHub as an indispensable part of their workflows. A new core package adds Git and GitHub integration to the editor with a dock item and status bar widgets. The first iteration’s UI gives Atom users the ability to stage changes, create commits, create and switch branches, and resolve merge conflicts. Users can also see pull requests associated with the current branch in the sidebar, as well as a detailed view of issues or pull requests.

The Atom editor is gaining popularity with WordPress developers. Its package directory lists more than a dozen packages for WordPress development, including autocomplete for WordPress actions and filters and code snippets for plugin and theme developers.

GitHub also announced the launch of its new open source GitHub client. GitHub Desktop Beta has been redesigned in Electron to provide a simpler user experience for developers who are new to Git. Building the application on Electron also enables the product’s development team to move its existing desktop apps to a shared codebase, as outlined on the GitHub Engineering blog:

From the start, GitHub Desktop for macOS and Windows were two distinct products, each with their own team. We worked in two separate tech stacks using two different skill sets. To maintain parity across the codebases, we had to implement and design the same features twice. If we ever wanted to add Linux support, we’d have to do it all a third time. All this meant we had twice the work, twice the bugs, and far less time to build new features. As it turns out, building native apps for multiple platforms doesn’t scale.

Rewriting the desktop client on Electron allows GitHub to provide a unified cross-platform experience while reducing development time for the product. The beta app is open source and is available for download for users who want the newest desktop features before they are officially released.

by Sarah Gooding at May 18, 2017 03:31 AM under github

WPTavern: WPWeekly Episode 273 – Mental Health Awareness With Bridget Willard and Ed Finkler

The month of May is Mental Health Awareness month. On this episode, Ed Finkler, founder of Open Sourcing Mental Illness (OSMI), and Bridget Willard, Marketing Manager for WordImpress, join me to raise awareness of mental health.

We start the show by discussing what mental health is and what it means to feel normal. We talk about the stigma associated with opening up to others and why it’s often seen as a brave action. Finkler shares tips on how people can help those battling mental illness. He also explains what not to do.

The following resources were mentioned during the show:

  • WPHugs – A safe space for people to openly discuss mental health issues.
  • Mental Health Support – A public group on Slack that provides mental health support.
  • OSMI Handbooks – Handbooks for employees, employers, and guidelines for good mental health in the workplace.
  • Mental Health First Aid – A course that educates people on how to help those with a mental health or substance-use crisis.

Finkler announced on the show that he is stepping down from his role at Graph Story and will be working on the OSMI project full-time. OSMI is raising funds for 2017. Funds will be used for traveling to speak at events, create and update helpful resources, and a salary. If you’re able, please consider donating. OSMI is a US 501(c)(3) organization, and all donations are tax-deductible.

Stories Discussed:

WordPress 4.7.5 Patches Six Security Issues, Immediate Update Recommended
What to Expect in WordPress 4.8

WPWeekly Meta:

Next Episode: Wednesday, May 24th 3:00 P.M. Eastern

Subscribe To WPWeekly Via Itunes: Click here to subscribe

Subscribe To WPWeekly Via RSS: Click here to subscribe

Subscribe To WPWeekly Via Stitcher Radio: Click here to subscribe

Listen To Episode #273:

by Jeff Chandler at May 18, 2017 12:53 AM under wordpress 4.8

May 17, 2017

WPTavern: WordCamp Europe Contributor Day to Host 13 Workshops, Event is Nearly Sold Out

WordCamp Europe’s Contributor Day is set for Thursday, June 15th, 2017, the day before the conference days begin. Attendees will be split into contributor teams and this year the event will also feature four talks and 13 workshops. The selected team leaders are long-time WordPress core and community contributors from around the world.

Scheduled talks include topics aimed at contributors, such as “How the WordPress Security Team Works” and “Why Your [Translation] Community Needs a Glossary.” The workshops are more educational sessions that kickstart contribution, i.e. setting up a development environment for contributing to WordPress, internationalization for developers, JavaScript in core, and learning how to contribute code to the Meta Team, among other topics.

The Contributor Day schedule was published to the event’s website today with room locations identified for teams, talks, and workshops.

Capacity for the event is 500 attendees, which is larger than many WordCamps. As of this morning, there were fewer than 50 spots remaining. Contributor Day signup is separate from the WordCamp registration and is still open for the last few available tickets.

by Sarah Gooding at May 17, 2017 07:30 PM under WordCamp Europe

HeroPress: Community saved my life: Falling down, lifted up.

Pull Quote: It is through helping others that I am helping myself every day... #mentalhealth

“Never doubt that a small group of thoughtful, committed, citizens can change the world. Indeed, it is the only thing that ever has.”
― Margaret Mead

This essay took me a long time to end; mainly because, in many ways, I am still writing it. My first essay for HeroPress was two years ago (“W-W-Waiting For The Right Circumstances“), June 2015; an essay written at a time in which I was at my Zenith.

It was a story written by a young man full of hope, dreams, and accomplishment. A young man peaking in his career and his relationships. A young man who still had a long way to learn in this world; especially about himself and what true community meant. This essay, the one you are reading now, is from rock bottom.

The Great Depression

People, mostly those who do not have depression, think of depression as a severe sadness; it is not sadness. Sadness can be felt. Depression is more of a vacuous endurance of life; each moment folding aimlessly into the next. Sadness would be a relief in comparison.

I have had depression many times in my life prior to the one I am about to tell you about; previously I had managed to endure through it, this time was different and this time I needed help. I, unsurprisingly to me, was diagnosed with (aptly named) ‘manic depression’. This explained my amazing highs, my deepest lows, and the plateau of the in-between.

What did this mean for me? I didn’t know, I was still me. Nothing about me had changed other than learning a new label that I had to bare. I was still me. I was still me.

According to the World Health Organization (WHO) in 2001:

“One in four people in the world will be affected by mental or neurological disorders at some point in their lives.”

I was one in that four people; a large number, yet I felt alone.

Alone because there is so much stigma attached to having a Mental Wellness issue that we barely talk about it, its almost taboo. We are a society more comfortable with having a broken leg than to tell our bosses, colleagues, friends or peers that we are depressed.

That needed to change.

WordCamp Closet

At WordCamp Cape Town 2016, I stood in-front of an audience and came out of the figurative closet with my presentation of: “The WordPress Community, Mental Wellness, and You

After that talk, many people came out of their own closets to me and thanked me for being so ‘brave’ as to talk so openly about a subject so few understood much about. My hope with that talk, with this essay, that an act of openness like this is no longer seen as ‘being brave’ but being normal, being understood. It was the ‘bravery’ of people like Cory Miller and Rich Robinkoff that allowed me to be brave in telling my own story.

That was September 2016. In February 2017, I reached my darkest hour when I attempted to take my own life.

A New Beginning

In many ways, this is my WordPress re-origin story.

After surviving my own actions, it was the WordPress community that were there to support me. It was my friends I had made in the local WordPress community, and when I opened up about my experience, the international WordPress Community came to help me.

There are so many people in the WordPress Community who I owe a huge debt to. People who genuinely reached out and cared about the response I gave when asked, ‘How are you?’.

It was in this moment of realizing I had the WordPress Community that I began to live again; the WordPress community saved my life. It was in this moment that I realized that if I knew I could have this support sooner, I may not have gone as far as I had gone. It was in this moment that I vowed to be blatantly honest with the world so that no one else may ever feel that they are that alone again.

Is there any other software specific community that can make the claim of being so caring as to have helped someone stay alive? I do not know the answer to that question, but I do know that WordPress and its community has definitely done that for me.

WPHugs: Giving back to community

I openly wrote about my experiences.

I even mention it straight up in Job Interviews, and I do believe that this, knowingly or unknowingly, has costed me various positions I could have easily received had there not been any mention of a mental illness and my recent events – and its understandable.

How would you react when you ask a candidate about why he left his previous employment, and he answers: “I am manic depressive, I went a few months off my meds, I did not understand it enough at the time, and then tried to take my own life and later moved cities to be closer to family and friends”? When all I could have said was I moved cities to be closer to family, with a smile that couldn’t be argued with.

I started an initiative called WPHugs, a passion project hugely inspired by HeroPress, which is designed to be a safe space in the WordPress Community where topics of Mental Health, and general well-being and life balance can be freely and non-judgmentally spoken about, with care and compassion offered by all. This reminds me, we should have a creed, all great communities have one.

It is simply fortunate timing that WPHugs.org and this essay are launched and written in Mental Health Awareness Month. Some may even go as far as calling it serendipity; a word I have tattooed in Braille on my wrists.

It is through helping others that I am helping myself, everyday…

In conclusion-ipsum

My story is not unique – it is simply one that is told.

In speaking out about Mental Wellness and the huge role our community plays in its stigma, I hope that someone, somewhere, also gets ‘brave enough’ to speak up and reach out.

I have no conclusion to this essay… I continue, everyday, to write it; and I hope you do too.

The WordPress community doesn’t just power a percentage of the internet; It empowers too.

P.S. Talking about it will only become easier by talking about it, so please, continue the conversation; lets more of us talk and keep talking.

The post Community saved my life: Falling down, lifted up. appeared first on HeroPress.

by Leo Gopal at May 17, 2017 12:00 PM

Matt: New TV Ads

As I mentioned in the State of the Word this is the year we’re ramping up marketing. There is lots to learn and much to follow, but we have our first TV ads up in six markets to test. Each shares a story of a business in Detroit, and I actually got the chance to visit one of the businesses earlier today.

 

by Matt at May 17, 2017 05:08 AM under Asides

WPTavern: WordPress 4.7.5 Patches Six Security Issues, Immediate Update Recommended

WordPress 4.7.5 was released today with fixes for six security issues. If you manage multiple sites, you may have seen automatic update notices landing in your inbox this evening. The security release is for all previous versions and WordPress is recommending an immediate update. Sites running versions older than 3.7 will require a manual update.

The vulnerabilities patched in 4.7.5 were responsibly disclosed to the WordPress security team by five different parties credited in the release post. These include the following:

  • Insufficient redirect validation in the HTTP class
  • Improper handling of post meta data values in the XML-RPC API
  • Lack of capability checks for post meta data in the XML-RPC API
  • A Cross Site Request Forgery (CRSF) vulnerability was discovered in the filesystem credentials dialog
  • A cross-site scripting (XSS) vulnerability was discovered when attempting to upload very large files
  • A cross-site scripting (XSS) vulnerability was discovered related to the Customizer

Several of the vulnerability reports came from security researchers on HackerOne. In a recent interview with HackerOne, WordPress Security Team Lead Aaron Campbell said the team has had a spike in reports since publicly launching its bug bounty program.

“The increase in volume of reports was drastic as expected, but also our team really hadn’t had to process any invalid reports before moving the program public,” Campbell said. “The dynamics of the Hacker Reputation system really came into play for the first time, and it was really interesting to figure out how to best work within it.”

If WordPress continues to sustain the same volume of reports on its new HackerOne account, users may see more frequent security releases in the future.

WordPress 4.7.5 also includes a handful of maintenance fixes. Check out the full list of changes for more details.

by Sarah Gooding at May 17, 2017 01:44 AM under security

May 16, 2017

WPTavern: What to Expect in WordPress 4.8

WordPress 4.8 Beta 1 is available for testing and has a couple of features that will likely have a big impact.

New Image, Video, and Audio Widgets

WordPress 4.8 has three new core widgets and adds a visual editor to the Text widget. Adding video, audio, or images to text widgets typically involves using custom HTML.

Each of the new widgets in 4.8 takes advantage of the WordPress Media Library. Because the widgets use the media modal, users can insert content from a URL. This is particularly convenient for the Video widget as most videos are not stored locally.

Core Image Widget

Here is what the core widgets look like on Twenty Seventeen after they’ve been configured.

Core Widgets on The Frontend

The text widget now has a visual editor with a couple of basic formatting tools available. The visual editor supports Keyboard shortcuts. However, it does not support oEmbed. Like the post editor, you can switch between Visual and HTML mode. The HTML version of the editor benefits from the upgrade as it provides users with the same formatting tools that are available in the visual editor.

Text Widget HTML Mode

Link Boundaries

Link boundaries are a byproduct of the ongoing work to Gutenberg, WordPress’ new block-based editor. If you’ve ever written links in the visual editor, you may have noticed that sometimes it’s difficult to move the cursor outside of the link element.

In WordPress 4.8, link boundaries provide a visual cue of when the cursor is inside a link element. This video recorded by Matias Ventura provides a visual demonstration of how link boundaries work.

Inside Link Boundary Outside Link Boundary

During testing it felt like this was more of a bug fix to how the visual editor behaves rather than a new feature.

Dashboard News Widget Includes Upcoming Local WordPress Meetups

There are 1,180 WordPress meetups registered on Meetup.com and close to 100 WordCamps scheduled for this year. In an effort to remind users of the WordPress communities that exist around them world-wide, the WordPress News Dashboard widget has been modified to include Meetups and WordCamps near a user’s location.

News Widget Shows Upcoming Meetups and WordCamps

The widget will try to guess your location automatically. If it’s incorrect, clicking the Pencil button opens a box where you can type in your city. The bottom of the widget includes links to the WordPress Meetup landing page, WordCamp Central Schedule, and the WordPress.org news blog.

WordPress 4.8 Sets the Stage for Gutenberg

It should be noted that WordPress 4.8 will not include Gutenberg. It does, however, lay the foundation for Gutenberg to arrive in a future release.

The easiest way to install and test WordPress 4.8 Beta 1 is to install and activate the Beta Tester plugin on a staging site. Once activated, visit Tools > Beta Testing and select Point release nightlies and then update WordPress.

If you believe you’ve encountered a bug, you can report it to the Alpha/Beta section of the WordPress support forums. Please provide as much detail about the bug as possible. WordPress 4.8 is tentatively scheduled for release June 8th.

by Jeff Chandler at May 16, 2017 11:26 PM under wordpress 4.8

WPTavern: Hookr Plugin Rebrands as WP Inspect, Project to Shift to a Module-Based Architecture

A year and a half after the initial release of the controversially-named Hookr plugin, its creator, Christopher Sanford, has rebranded the plugin as WP Inspect. The plugin provides a WordPress hook/API reference for developers and displays the actions and filters that fired as the page loaded. At launch Sanford was fairly committed to the Hookr brand, despite criticism, due to an oversaturated market for WordPress developer plugins. After 3,500 downloads, Sanford decided to rebrand and put the plugin in the official directory.

“Based on the usage and positive feedback, I wanted to target a broader audience, which led to both the re-brand and submission to the WordPress Plugin repository,” Sanford said. “Leveraging the plugin repo, it will be much easier to coordinate/communicate updates, which is somewhat lacking today.”

The 1.0.0 release of WP Inspect includes mostly bug fixes and technical debt cleanup with two major enhancements:

  • WP Inspect will only be active under specific roles, with Administrators being enabled by default. (Previously it was active for everyone.)
  • Action detail now requires no additional clicks. (Before, if users wanted to inspect an action, they would have to click the action name.)

Sanford said WP Inspect will be migrating to a module-based architecture that will allow users to create their own tooling. He is also planning to release several commercial modules that will expand the debugging capabilities of the plugin. He said he doesn’t anticipate the type of demand or usage that would warrant a marketplace for third-party modules, but he’s open to the idea.

With the plugin now rebranded and released, Sandford is using his time to create the infrastructure to offer Hookr as a SaaS product for commercial theme and plugin developers.

“Depending on membership level, users can interface with HookrAPI to get additional details for debugging,” Sandford said. “Users may submit their current codebase for ‘comment coverage’ analysis, which is great for determining the quantity and quality of inline code documentation. Finally, users may submit their projects to HookrAPI for real time code parsing and documentation to be included with their commercial theme or plugin.

Sanford plans to launch a sister site to the online Hookr.io reference, under another “G-rated” name with a simplified interface, as well as an offline version of Hookr. These will lay the groundwork for the next item on the roadmap: native mobile applications with offline data.

by Sarah Gooding at May 16, 2017 10:54 PM under wp inspect

Dev Blog: WordPress 4.7.5 Security and Maintenance Release

WordPress 4.7.5 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.

WordPress versions 4.7.4 and earlier are affected by six security issues:

  1. Insufficient redirect validation in the HTTP class. Reported by Ronni Skansing.
  2. Improper handling of post meta data values in the XML-RPC API. Reported by Sam Thomas.
  3. Lack of capability checks for post meta data in the XML-RPC API. Reported by Ben Bidner of the WordPress Security Team.
  4. A Cross Site Request Forgery (CSRF)  vulnerability was discovered in the filesystem credentials dialog. Reported by Yorick Koster.
  5. A cross-site scripting (XSS) vulnerability was discovered when attempting to upload very large files. Reported by Ronni Skansing.
  6. A cross-site scripting (XSS) vulnerability was discovered related to the Customizer. Reported by Weston Ruter of the WordPress Security Team.

Thank you to the reporters of these issues for practicing responsible disclosure.

In addition to the security issues above, WordPress 4.7.5 contains 3 maintenance fixes to the 4.7 release series. For more information, see the release notes or consult the list of changes.

Download WordPress 4.7.5 or venture over to Dashboard → Updates and simply click “Update Now.” Sites that support automatic background updates are already beginning to update to WordPress 4.7.5.

Thanks to everyone who contributed to 4.7.5.

by Pascal Birchler at May 16, 2017 10:39 PM under 4.7

WPTavern: U.S. District Court Denies Pre-Trial Motion to Dismiss GPL Infringement Case

photo credit: weiss_paarz_photos Gavel – Courtroom and Gavel(license)

The District Court for the Northern District of California has denied a motion to dismiss a complaint of breach of contract and copyright infringement claims in a case regarding the GPL. The plaintiff, Artifex Software Inc., is the creator of Ghostscript, an AGPL-licensed PDF interpreter. In 2016, the company filed a lawsuit against Hancom, a South Korean software company that incorporated Ghostscript into its Hangul word processing software without complying with the GPL.

Ghostscript is available for free for those who use it in compliance with its AGPL license. Artifex also offers a commercial license of Ghostscript that is required if the user is including it and distributing it within an application that is not licensed under the AGPL. Richard Stallman outlined this common practice of “selling exceptions” to the GPL in 2010, saying that he has considered it acceptable since the 1990’s, because “this approach has made it possible for important programs to become free software.”

According to the complaint, Hancom failed to purchase a commercial license and also did not distribute the source code as required by the AGPL:

Because Defendant did not have a commercial license for Ghostscript, its use and distribution of Ghostscript constituted consent to the terms of the GNU GPL…In addition, Defendant’s website stated that it had licensed Ghostscript under the GNU GPL. Nonetheless, Defendant failed to comply with key provisions of the GNU GPL. In particular, because Defendant integrated Ghostscript into its software without revealing to the end-user that Ghostscript was part of the Hancom software, the GNU GPL required Defendant to distribute its software with the accompanying source code. Defendant did not do so and thus violated the GNU GPL, terminating Defendant’s license to use Ghostscript. Defendant’s failure to obtain a commercial license deprived Plaintiff of a licensing fee, or, alternatively, its failure to comply with the GNU GPL deprived Plaintiff of the opportunity “to further promote the advancement of interpreter technologies.”

Although Hancom is said to have removed Ghostscript from its software in August 2016, Artifex is asking for a court order for Hancom to stop the infringement and seeks compensation for damages. Artifex also requests that the court require Hancom to distribute to each licensee of Hangul and Hancom Office the complete source code for the products in accordance with the GPL.

Hancom responded by filing a motion to dismiss the complaint on the grounds that Artifex had not demonstrated the existence of a contract, how it was breached, or the damages caused by a breach.

An order issued by Magistrate Judge Jacqueline Scott Corley ruled that Artifex has sufficiently established the existence of a contract:

The GNU GPL, which is attached to the complaint, provides that the Ghostscript user agrees to its terms if the user does not obtain a commercial license. Plaintiff alleges that Defendant used Ghostscript, did not obtain a commercial license, and represented publicly that its use of Ghostscript was licensed under the GNL GPU. These allegations sufficiently plead the existence of a contract.

Furthermore, the ruling also recognized the damage that results from a company failing to comply with an open source license, citing the 2008 ruling on Jacobsen v. Katzer, another open source licensing dispute:

Indeed, as the Federal Circuit has recognized, there is harm which flows from a party’s failure to comply with open source licensing: “[t]he lack of money changing hands in open source licensing should not be presumed to mean that there is no economic consideration” because “[t]here are substantial benefits, including economic benefits, to the creation and distribution of copyrighted works under public licenses that range far beyond traditional license royalties.” Jacobsen v. Katzer, 535 F.3d 1373, 1379 (Fed. Cir. 2008).

Although QZ.com and other media outlets are reporting that this is a groundbreaking ruling that makes open source licenses an enforceable contract, the case has not yet gone to trial. The court has simply denied Hancom’s arguments that because the company didn’t sign anything, the GPL does not constitute a contract. The ruling states that Artifex’s allegations regarding the dual licensing structure for its product are enough for the company to begin the process of pleading damages for its claim that Hancom breached its contract. It is not a ruling about whether or not copyleft licenses are enforceable.

Artifex is now free to pursue its case of breach of contract and copyright infringement claims against Hancom, but it’s still very early and may end in a settlement. Hancom is ordered to file its answer by May 18 and both parties are scheduled to appear for an Initial Case Management Conference on June 15.

by Sarah Gooding at May 16, 2017 07:09 PM under gpl

WPTavern: WordPress.com Experiments With Allowing Business Plan Customers to Install Third-Party Plugins and Themes

One of the most important things that distinguishes self-hosted WordPress from WordPress.com is the ability to install custom themes and plugins. A recent change to WordPress.com’s Business Plan removes this limitation, allowing customers to install most third-party plugins and themes.

WordPress.com Comparison Chart

In a WordPress.com support thread created in February, a user asked how to install plugins on WordPress.com. Volunteers responded with the usual explanation that plugins can not be installed on WordPress.com and that they would need to use the self-hosted version of WordPress instead.

A few days ago, Valedeoro, a member of WordPress.com’s support staff, updated the thread announcing that third-party plugin support had recently been opened to customers on the WordPress.com Business Plan.

Quick update on third-party plugins: We’ve recently opened the opportunity to install plugins for Business Plan users. Keep in mind that most features are covered already by the plugin included in your WordPress.com account, so it is possible that you do not need any additional plugins.

Further into the thread, a second support staff member acknowledged that WooCommerce can be installed. A third support staff member confirmed that the ability to install most third-party plugins and themes was added to the Business Plan.

Details of the changes have not been published yet. “We’re still in an experimentation phase,” Automattic representative Mark Armstrong said. “It’s something we’ve rolled out to Business Plan users over the last couple weeks, and we’re looking forward to continued testing.”

This move would place WordPress.com squarely in the managed WordPress hosting space. If installing custom plugins and themes becomes a permanent feature, it will be interesting to see how it affects the confusion between WordPress.com and self-hosted WordPress.

by Jeff Chandler at May 16, 2017 08:30 AM under wordpress.com

May 15, 2017

Matt: Rules for Standards

Dave Winer has one rule that matters and a number of other good points on making standards and protocols.

by Matt at May 15, 2017 08:34 PM under Asides

WPTavern: WordPress Is Now on HackerOne, Launches Bug Bounties

WordPress now has its own official HackerOne account where security researchers can responsibly disclose vulnerabilities to the security team. The project’s page was previously listed under Automattic’s profile before HackerOne launched its free community edition for open source projects. WordPress has now transitioned to its own account, which also includes sister projects BuddyPress, bbPress, GlotPress, and WP-CLI, along with all of their respective websites.

The WordPress Security team launched its HackerOne profile privately at first and had been inviting reporters to use it when they reported security issues via email. Having the profile public makes it possible for the team to work together on triaging the issues that are submitted. WordPress Security Czar Aaron Campbell said the new system will reduce the time spent on responding to commonly reported issues, allowing the team to spend its time more effectively.

“We have about 40 people with access to triage reports, although, like most volunteer groups, not everyone is usually triaging at the same time,” Campbell said.

The project also launched bug bounties to reward reporters for responsibly disclosing security issues and Campbell said the team has awarded more than $3,700 in bounties to seven different reporters.

“So far bounties have ranged from $150 to $1,337,” Campbell said. “Anything that qualifies for a cash bounty will be $150+. We have a few swag bounties (hoodies) for really small things that will be going out soon as well (finishing getting everything set up with the swag store to do this now).”

Campbell confirmed that $1,337 is not the upper limit of the bounties and that there are bugs that could qualify for larger bounties.

“Bounties are calculated based on bug severity, the product or site it’s on (WordPress core being weighted more heavily than say the swag store), and also the quality of the report,” Campbell said. Automattic is sponsoring the bounty payouts on behalf of the WordPress project.

by Sarah Gooding at May 15, 2017 07:51 PM under security

BuddyPress: Naturkontakt, Organising Sweden’s Largest Environmental NGO

This is a guest post by Alexander Berthelsen (lakrisgubben) from the Swedish WordPress agency Klandestino AB.

Peer reviewed by @boonebgorges

Naturkontakt front page

Naturkontakt (Nature contact) is the home for members of the Swedish Society for Nature Conservation (SSNC), Sweden’s largest environmental NGO with over 200,000 members. This is a private site where SSNC members can read and publish internal news about the organisation, take part in forum discussions, and join or create groups to help them organise their work. Members of SSNC can create WordPress user accounts using their membership numbers from the organization’s CRM (Customer Relationship Management) software.

Background

Naturkontakt has been around since the 90’s, powered by FirstClass. By 2010, that platform had become outdated and its market share was declining. This led some members to write proposals to find a new platform. Their goal was to select a platform which would serve as a hub for all the different aspects of SSNC’s mission and vision. These include “spreading knowledge, charting environmental threats, proposing solutions, and influencing politicians and authorities, both nationally and internationally. Under democratic forms, we work regionally in 24 county branches and locally in 270 community branches.”

Moving to WordPress

In 2011, SSNC acted on their decision to set up a new web-based platform for internal communications and contacted us at Klandestino to work on this project. After evaluating different platforms, we chose WordPress. Some deciding factors include WordPress’ open source licensing, our experience working with the platform, and the plethora of different plugins that extended WordPress to make it suitable for online communities.

The first iteration of the new Naturkontakt site was launched in 2011, powered by WordPress and WP Symposium. This was quite a while ago but as I recall (plus email logs), the choice stood between BuddyPress and WP Symposium. At that time, WP Symposium already had a forums component while BuddyPress lacked a solid forum integration. Remember that this was the time of the stand-alone bbPress forums which took a tortuous and unstable route to integrate to both WordPress and BuddyPress.

bbPress 2.0 to the Rescue

A year after we launched the new site, we undertook an evaluation which revealed some pain points. To name a few, WP Symposium had limited extensibility, some security issues, and major problems with performance. With those challenges in mind, we researched again into other community solutions for WordPress. By that time, the new bbPress 2.0 plugin was available and it worked very well with BuddyPress.

It was an easy decision to switch from WP Symposium to BuddyPress and bbPress. The major tasks were the arduous migration of data and continuous testing. This new set up has stood the test of time, we’re really pleased with it. The BuddyPress-bbPress combination gave us a running start with forums, groups, profiles, and messages, which are some of the required pieces of functionality needed on Naturkontakt.  

Profile page

Further development of Naturkontakt 2.0 led to the introduction of multisite features to the community. Fortunately, BuddyPress works very well in a multisite environment. Each local organisation (group) of SSNC could have their own subsite to publish news.

To make this work as smoothly as possible, we wrote custom plugins for the following functionalities:

  • Many-to-many relationships between groups and subsites. For example, the group coordinating work on forest issues could be connected to the subsite publishing news about forest issues.
  • File archives for groups so that members can upload and version docs, PDFs, images, etc.
  • Sitewide search, a plugin that indexes all content from the entire multisite network into a “ghost” site to make it possible to have a centralised search throughout the entire network and blog/archive pages that lists posts from all sites.
  • A drag and drop front page workflow where the editors of the site can search for and list articles from all sites on the network on the main site front page.

This second version of Naturkontakt was released in late 2012. Since then, the basic functionalities have remained more or less the same. The site did get a facelift a few years ago when we focused on making the site work better on phones and tablets.

Blog Archive

Going forward with PHP 7

Last year, after a month of capacity/speed problems, a new evaluation showed that some long-delayed upgrades had to be made. We started a new project to focus mainly on stability and speed improvements. We finished the project just right before this article was written.

We implemented the following improvements:

  • Combed through the codebases. We searched for deprecated functions and places where custom functionality could be replaced with newly added functionality from BuddyPress, WordPress, and bbPress. We decreased the number of active plugins by a third because of the new features that had been rolled into the above-mentioned projects.
  • Switched over to Elasticsearch/ElasticPress. Our custom sitewide search has served its purpose well. However, since it’s only been used on this platform its development has fallen behind. And compared to new technologies such as Elasticsearch it didn’t cut the mustard. By switching to Elasticsearch we have offloaded a lot of the most expensive queries currently done by WordPress to a server/platform that’s fine-tuned for that kind of work.
  • Upgraded to PHP 7. This was the last part of the project. We’ve seen major improvements in the response time from the server, on average about 50%-70% decrease in response times! That is, of course, very important on a dynamic site such as for any community where static page caching often isn’t an option.

In conclusion

Our stats show the continued growth of the SSNC community, even though the competition from Facebook can be really hard. One of the major advantages of using WordPress, BuddyPress, and bbPress is that SSNC owns its own data.

Of course, there are always things to improve on. When we completed the recent project to improve performance, despite limited budgets and time constraints, we were all satisfied and hopeful that the site will be around for many more years. We also expect that upcoming development work will be focused more on the user interaction elements of the site, hopefully by building upon and extending the great work that has gone into BP Nouveau. <3

To end on a personal note I’d like to thank all of the wonderful contributors to BuddyPress who have welcomed me into the community and helped me along with trac tickets and patches. Beyond my satisfaction with Naturkontakt and working with SSNC (whom I share a lot of political views with), and the functionality that BuddyPress has provided for the project, the best part of having worked on this site is that I also feel that I’ve become part of a community that tries to do something constructive about the unpleasant grip that Facebook has over our personal and professional lives.

lakrisgubben Alexander Berthelsen and his two colleagues are co-owners of the web development co-operative Klandestino AB. Based in the suburbs of Stockholm, Sweden they mainly do WordPress work with a focus on NGO’s and member organisations. Alexander spends most of his five-for-the-future time on making small contributions to BuddyPress.

 

by @mercime at May 15, 2017 04:16 PM under developers

Dev Blog: WordPress Now on HackerOne

WordPress has grown a lot over the last thirteen years – it now powers more than 28% of the top ten million sites on the web. During this growth, each team has worked hard to continually improve their tools and processes. Today, the WordPress Security Team is happy to announce that WordPress is now officially on HackerOne!

HackerOne is a platform for security researchers to securely and responsibly report vulnerabilities to our team. It provides tools that improve the quality and consistency of communication with reporters, and will reduce the time spent on responding to commonly reported issues. This frees our team to spend more time working on improving the security of WordPress.

The security team has been working on this project for quite some time. Nikolay Bachiyski started the team working on it just over a year ago. We ran it as a private program while we worked out our procedures and processes, and are excited to finally make it public.

With the announcement of the WordPress HackerOne program we are also introducing bug bounties. Bug bounties let us reward reporters for disclosing issues to us and helping us secure our products and infrastructure. We’ve already awarded more than $3,700 in bounties to seven different reporters! We are thankful to Automattic for paying the bounties on behalf of the WordPress project.

The program and bounties cover all our projects including WordPress, BuddyPress, bbPress, GlotPress, and WP-CLI as well as all of our sites including WordPress.org, bbPress.org, WordCamp.org, BuddyPress.org, and GlotPress.org.

by Aaron D. Campbell at May 15, 2017 04:02 PM under Security

May 14, 2017

HeroPress: HeroPress Geography: Western Europe

Map of Western Europe with HeroPress points on it

When HeroPress started I didn’t plan on having contributors from western Europe, any more than the U.S.  As it turns out, we ended up with lots of people from both places. I’d still love to get people from Spain, Portugal, Italy, and Ireland. If you know anyone in those places with a great WordPress story, please have them fill out the contributor form.

Going Back To My Roots

Over The Atlantic

Uncomfortable doesn’t mean walk away

Burning the Midnight Oil

The Bumpy Journey of Becoming

How to Learn WordPress Without Doing It on Your Own

Living A Better Life Thanks To WordPress

A Sense Of True Freedom

My Road to WordPress

Getting A Life

WordPress is What We Make of It

Coming Home

Moving On From Moving On Stage

The post HeroPress Geography: Western Europe appeared first on HeroPress.

May 14, 2017 12:21 AM under The Netherlands

May 13, 2017

Dev Blog: WordPress 4.8 Beta 1

We’re planning a smaller WP release early next month, bringing in three major enhancements:

  • An improved visual editor experience, with a new TinyMCE that allows you to navigate more intuitively in and out of inline elements like links. (Try it out to see, it’s hard to describe.)
  • A revamp of the dashboard news widget to bring in nearby and upcoming events including meetups and WordCamps.
  • Several new media widgets covering images, audio, and video, and an enhancement to the text widget to support visual editing.

The first beta of 4.8 is now available for testing. You can use the beta tester plugin (or just run trunk) to try the latest and greatest, and each of these areas could use a ton of testing. Our goals are to make editing posts with links more intuitive, make widgets easier for new users and more convenient for existing ones, and get many more people aware of and attending our community events.

Four point eight is here
Small changes with a big punch
Big ones come later

by Matt Mullenweg at May 13, 2017 12:15 AM under Releases

May 11, 2017

WPTavern: WPWeekly Episode 272 – Interview With James Farmer, Co-Founder and CEO of Incsub

On this episode of WordPress Weekly, I’m joined by James Farmer, co-founder and CEO of Incsub. Farmer has been involved in the WordPress community for 11 years and in that time, he and I have butted heads, mildly speaking.

Last year, Farmer looked back at the last 10 years of being a WordPress entrepreneur. In that post, he shares emails and conversations he has had in the WordPress community that are cringe-worthy. Because of the extremely poor interactions I’ve had with Farmer in the past, I’ve kept away from his work and the projects he is associated with.

In the past few months, I’ve read interviews with Farmer where he appears to have turned over a new leaf. In an interview on Torquemag congratulating him on WPMU Dev’s Smush Image Compression plugin winning the Plugin Madness competition, Farmer is asked what advice he would give to aspiring plugin developers?

“Make the free version as brilliant as you possibly can. Give back to the community as much as you can and it’ll come back to you in spades,” Farmer said. “Contribute to the wordpress.org support forums and community, commit code if you can, speak at WordCamps, and be as helpful and useful as possible, it’ll ALL be worth it, I promise.”

When asked what’s the most important lesson he’s learned as CEO and co-founder of WPMU Dev, he responded:

That is a very good question, and one I think I’m actually probably not able to answer as there are basically so so many important things.

I think though if I had to pick one, it goes along the same lines as my last answer: the more you give out, the more you give of yourself and the more, kinda, selfless that you are… the more you get back. And, sadly (and from painful experience), the opposite is also true.

Because of the way he answered these questions and my curiosity for his career in WordPress, I invited him on WordPress Weekly. We talked about his entrepreneurial career and some of the failures along the way. He explains the genesis behind the Smush Image Optimization Plugin and shares what it’s like to be part of the WordPress community in Australia.

My favorite part of the interview is when Farmer describes his experience at WordCamp Europe a few years ago that fundamentally changed his perception of the WordPress community.

After this interview, I can confidently say that the past between us is water under the bridge. I look forward to future conversations with Farmer and taking a closer look at his company’s products.

Stories Discussed:

bbPress 2.6 Beta 3 Likely as Team Focuses on Solid Data Migration Path
VersionPress 4.0 Tentatively Scheduled to Ship in September
WordPress 4.8 Release Targeted for June 8
WPHugs: A Community Devoted to Educating, Discussing, and Raising Awareness of Mental Health

WPWeekly Meta:

Next Episode: Wednesday, May 17th 3:00 P.M. Eastern

Subscribe To WPWeekly Via Itunes: Click here to subscribe

Subscribe To WPWeekly Via RSS: Click here to subscribe

Subscribe To WPWeekly Via Stitcher Radio: Click here to subscribe

Listen To Episode #272:

by Jeff Chandler at May 11, 2017 11:34 PM under wpmu dev

WPTavern: VersionPress 4.0 Tentatively Scheduled to Ship in September

Nealy a year ago, VersionPress 3.0 was released. This version added new search capabilities, bulk undo, and a number of bug fixes. It was the first release since it became a free, open source project.

In a post on the project’s development blog, Borek Bernard, co-founder of VersionPress, describes what the team is focusing on for 4.0 which includes a tentative release schedule.

VersionPress 4.0 beta is planned to ship in June with 4.0-final scheduled to ship in September. In addition, the team will be labeling the project as a Developer Preview to better indicate its production-readiness.

“With every major release, you rightfully ask about the status of the project when it comes to production-readiness,” Bernard said. “The answer is ‘your mileage may vary’ but we feel we should better indicate that it’s only really intended for developers, currently. Therefore, we’ll be adding the ‘Developer Preview’ label for the project as a whole.”

VersionPress 4.0 beta 1 will support Jetpack and WooCommerce via plugin definitions. Updates to internal data structures, compatibility fixes with WordPress 4.7, and other improvements are also slated to be in 4.0.

Bernard also provides an outline of what to expect from the project in the near future. The team hopes to release Version 5.0 later this year or early next year with definitions for the most popular plugins. It will also be the first version rolled out on the project’s upcoming platform. Version 6.0 is expected a year after that.

To contribute to VersionPress, you can get in touch with the founders through Gitter or visit the project’s Github page where pull requests are welcomed.

by Jeff Chandler at May 11, 2017 12:34 AM under Plugins

May 10, 2017

Akismet: Akismet WordPress Plugin 3.3.2 Now Available

Version 3.3.2 of the Akismet plugin for WordPress is now available. This update fixes a bug that was preventing some JavaScript from executing in wp-admin in some older browsers.

To upgrade, visit the Updates page of your WordPress dashboard and follow the instructions. If you need to download the plugin zip file directly, links to all versions are available in the WordPress plugins directory.


by Christopher Finke at May 10, 2017 05:19 PM under WordPress

Follow our RSS feed: 

WordPress Planet

This is an aggregation of blogs talking about WordPress from around the world. If you think your blog should be part of this site, send an email to Matt.

Official Blog

For official WordPress development news, check out the WordPress Core Blog.

Subscriptions

Last updated:

May 22, 2017 03:15 PM
All times are UTC.